logstash with ruby

input {
   file {
        path => ["/var/log/s/*.log"]
        type => "system"
        start_position => "beginning"
        codec =>plain{charset=>"GBK"}
    }

}

#input {
#  kafka{
#    bootstrap_servers => ["10.1.1.24:9092,10.1.1.190:9092,10.1.3.14:9092"]
#    client_id => "hbase-chl-dev-t"
#    group_id => "hbase-chl-dev-t"
#    auto_offset_reset => "latest"
#    consumer_threads => 5
#    codec => "json"
#   decorate_events => "true"
#   topics => ["hbase-chl-dev"]
#  }
#}

filter {
#grok {
#match => { "message" => "%{TIMESTAMP_ISO8601:access_time}\s+\[%{DATA}\]\s+%{DATA:level}\s+\[%{DATA}\]\s+%{DATA}\s+-%{DATA:mkey}\|%{DATA:mv1}\|%{DATA:mv2}\|%{DATA:mv3}\s+%{GREEDYDATA:request_id}" }
#}
ruby {
  code => '
     c=event.get("message").split(pattern="- ", -1)[-1]
     d=c.split(pattern="|", -1)
     key=d[0]
     mvs=d[-1].split(pattern=" ",-1)
     event.set("mkey",key)
     event.set("request_id",mvs[-1])
     if (mvs[0] =~ /^\d{1,}$/)
        event.set("m#{d.length-1}",mvs[0].to_i)
     end
     (1..d.length-2).each do |i|
         keys="m" + "#{i}"
         if (d.values_at(i)[0] =~ /^\d{1,}$/)
            event.set(keys,d.values_at(i)[0].to_i)
         else
            event.set(keys,d.values_at(i)[0])
         end
     end
  '
}
}
output {
  stdout {
    codec => rubydebug
  }
}